How to enable VPN passthrough DrayTek router? Of course this is the most important question nowadays because of many routers which is an obstacle in front of using VPN. While there are some features in the router does not allow the VPN to work successfully.
So, you need to enable VPN passthrough DrayTek router for example to allow VPN traffic to passthrough it easily without any restriction or blocking by the router.
How can I enable VPN passthrough for an internal VPN server?
This applies to NAT mode only. If you have a VPN server running behind the Vigor router you can set the router to pass through to it. This will work for PPTP, L2TP IPSec+ESP protocols; it will not work for IPSec+AH mode because the AH protocol is designed to block address translation (due to embedding the source IP addresses in the header). So, it will help successfully to enable VPN passthrough DrayTek router. You must disable the VPN feature built-in the router because it may affects the VPN traffic badly which means intercept it to passthroguh.
To enable VPN passthrough DrayTek router, you may need to open some ports.
For example:
The PPTP protocol uses TCP Port which takes the port number: 1723 for link setup and IPSec/ESP uses Port number: 500 for IKE setup. If you enable those ports in the router’s open port setup, the router will automatically also open up the corresponding VPN protocol, such as GRE or ESP respectively.
Note: You can set the rule you need according which one of PPTP, L2TP, or IPS/ESP you are using. You do not need to set all of the above mentioned rules methods. But if you want to set all of them together, you can do it.
Another alternate method to enable VPN passthrough DrayTek router:
If the above mentioned methods (opening ports) do not work for your particular server protocols you can enable the router’s DMZ facility instead of it to enable VPN passthrough DrayTek router. But you must take in consideration this method is less secured than opening just the required ports/protocols as we mentioned above. Tpasshe DMZ should refer to the internal IP address of the router:
Conclusion:
Now you have three options to enable VPN passthrough DrayTek router, you can run VPN client behind Vigor router depending on the protocol without need to set any extra changes, or you can disable the router’s own VPN facility and open the required ports, or you can resort to use the DMZ.
How can you enable IPSec passthrough on the Vigor2820?
On the Vigor2820, IPSec VPN passthrough is disabled by default. And this backs to the incompatibility of IPSec passthrough with the new feature “NAT-T” which is supported now on the routers internal VPN server. The Vigor2820 NAT-T support allows remote VPN clients that are behind a NAT router to more easily connect via VPN and let VPN traffic to passthrough the router.
You can use this command to enable IPSec passthrough (srv nat ipsecpass on)
How many VPN tunnels can the Vigor passthrough?
The router itself does not create the VPN tunnel so VPN passthrough allows a client or server behind the Vigor is generating the tunnel endpoint itself. A VPN server behind the Vigor router can accept many different remote clients so that it can create VPN tunnel to it. You can also have multiple VPN clients behind the router each so that you can make a tunnel to a different remote VPN server.
You do not have the permission to have more than one VPN client behind the Vigor creating a tunnel to the same remote VPN server. This is because you cannot distinguish between the VPN protocol reply packets from each other, so the router cannot tell which VPN client the reply packets are intended for, if they come from the same remote host. If this is required, “instead of passthrough” then consider letting the Vigor create the tunnel itself and then multiple clients can then pass through that one tunnel, and this is also more efficient. You can run multiple internal (LAN-side) VPN clients if they each are connecting to a different remote server.
